Avoid PlugX malware
Once these two items have been set the ability of PlugX to take advantage of innocent people should be thwarted.
365
82 posts
Disrupting Qakbot
All it took was an email attachment policy, a little hardening of Microsoft Office and the configuration of the built-in anti-virus software
How to isolate a device using Defender
let's say that you've come across a situation, and you want to remove a device from the network - remotely, while you investigate. Interestingly this device, need not be enrolled in Defender for Business. It can an unmanaged device to
How to prevent weak MFA session token theft
Microsoft recently published an analysis of the techniques used by one popular phishing-as-a-service provider. We'll take that analysis and implement a solution based upon it
Prerequisites of settings for Defender
There are a number of basic settings in Defender that should be configured before you start using Defender.
How to use the Azure AD conditional access templates
Finally, there is an easy way to deploy a base set of conditional access policies to users, devices and apps in a tenant. Microsoft calls it Conditional Access Templates and you will find them in Azure AD - Security - Conditional Access - Conditional Access Templates.
Migrate to the new MFA authentication policies
There’s mandatory migration underway from SSPR and MFA settings to policy and you have until later this month to get them into place voluntarily or Microsoft will do it for you
Onboarding a new user with a single word
I’m going to show you how adding a single word to a user’s profile in Azure Active Directory (Azure AD) can kick off an entire onboarding process and move user add/remove from an IT task into an administrative assistant task.
Get notified when a user is flagged as Risky
The Risky User report is useful sure, but wouldn't it be better if you didn't have to remember to see if any users have been flagged as Risky?
Where should you configure ASR rules?
Where should you configure ASR rules? I had this question, so I asked a contact in Endpoint Management at Microsoft.
Endpoint Manager: How to disable Autoplay for all drives
Turning off Autoplay is a recommended policy in Endpoint Manager device configuration. It is recommended because it can prevent the automatic opening a files from any drive type
Using Azure AD for user automation
We hold ourselves to a higher security standard than most of our clients because we have access to many companies. Attackers have shown that MSPs are a huge target. Internally we use Azure AD P2 features to manage ourselves and automate employee permission and application assignments.